<?php

namespace app\common\library;

class TencentSin
{


    /**
     * 构建授权请求头（Authorization）
     *
     * @param string $secretId 腾讯云SecretId
     * @param string $date 日期（格式符合腾讯云要求）
     * @param string $service 服务名称
     * @param array $signedHeaders 参与签名的请求头列表
     * @param string $signature 生成的签名
     * @return string 完整的授权请求头内容
     */
    public static function buildAuthorizationHeader($secretId, $date, $service, $signedHeaders, $signature)
    {
        $credential = "TC3-HMAC-SHA256 Credential=$secretId/$date/$service/tc3_request";
        $signedHeadersStr = implode(";", $signedHeaders);
        return "$credential, SignedHeaders=$signedHeadersStr, Signature=$signature";
    }

    /**
     * 生成签名
     *
     * @param string $secretKey 腾讯云SecretKey
     * @param string $date 日期（格式符合腾讯云要求）
     * @param string $service 服务名称
     * @param string $request 具体请求路径
     * @param array $signedHeaders 参与签名的请求头列表
     * @param string $payload 请求体内容（通常是JSON格式等）
     * @return string 生成的签名值
     */
    public static function sign($secretKey, $date, $service, $payload, $host, $action,$request)
    {
        $algorithm = "TC3-HMAC-SHA256";
        $canonicalRequest = self::buildCanonicalRequest($payload,$host,$action,$request);
        $credentialScope = "$date/$service/tc3_request";
        $stringToSign = self::buildStringToSign($algorithm, $canonicalRequest, $credentialScope);
        return self::signString($secretKey, $date, $service, $stringToSign);
    }

    /**
     * 构建规范请求
     *
     * @param string $request 具体请求路径
     * @param array $signedHeaders 参与签名的请求头列表
     * @param string $payload 请求体内容（通常是JSON格式等）
     * @return string 规范请求字符串
     */
    public static function buildCanonicalRequest($payload, $host, $action, $request)
    {
        $httpRequestMethod = "POST"; // 这里根据实际请求方法修改，当前短信发送是POST请求，所以写POST
        $canonicalUri = $request;
        $canonicalQueryString = "";
        $canonicalHeaders = "content-type:application/json\n"."host:".$host."\nx-tc-action:".strtolower($action)."\n";;
        $signedHeadersStr = "content-type;host;x-tc-action";
        $hashedPayload = hash("sha256", $payload);
        return "$httpRequestMethod\n$canonicalUri\n$canonicalQueryString\n$canonicalHeaders\n$signedHeadersStr\n$hashedPayload";
    }


    /**
     * 构建待签名的字符串
     *
     * @param string $algorithm 签名算法名称
     * @param string $canonicalRequest 规范请求字符串
     * @param string $credentialScope 凭证范围字符串
     * @return string 待签名的字符串
     */
    public static function buildStringToSign($algorithm, $canonicalRequest, $credentialScope)
    {
        $stringToSign = "$algorithm\n";
        $stringToSign .= hash("sha256", $canonicalRequest) . "\n";
        $stringToSign .= $credentialScope;
        return $stringToSign;
    }

    /**
     * 对给定字符串进行签名运算生成最终签名
     *
     * @param string $secretKey 腾讯云SecretKey
     * @param string $date 日期（格式符合腾讯云要求）
     * @param string $service 服务名称
     * @param string $stringToSign 待签名的字符串
     * @return string 最终的签名值
     */
    public static function signString($secretKey, $date, $service, $stringToSign)
    {
        $dateKey = hash_hmac("sha256", $date, "TC3" . $secretKey, true);
        $serviceKey = hash_hmac("sha256", $service, $dateKey, true);
        $requestKey = hash_hmac("sha256", "tc3_request", $serviceKey, true);
        return hash_hmac("sha256", $stringToSign, $requestKey);
    }
}